Manhattan U.S. Attorney Announces Arrest Of Individual Who Compromised Thousands Of University Email Accounts And Stole Private And Confidential Information

Preet Bharara, the United States Attorney for the Southern District of New York, and William F. Sweeney Jr., Assistant Director in Charge of the New York Field Office of the Federal Bureau of Investigation (“FBI”), announced the arrest of JONATHAN POWELL for obtaining unauthorized access to email accounts maintained by a New York City area university, using his work computer, and causing over $5,000 of loss in the process. POWELL went on to compromise social media and other online accounts linked to the university email accounts and mined those linked accounts for the users’ login credentials and other private and confidential information. POWELL also attempted to access email accounts at more than 75 other universities around the country. At the time of the alleged offense, POWELL was employed by a private business at its branch office located in Phoenix, Arizona. POWELL was arrested this morning and is expected to be arraigned in federal court in Phoenix later today before a U.S. Magistrate Judge.

Manhattan U.S. Attorney Preet Bharara said: “As alleged, Jonathan Powell targeted dozens of universities around the country, successfully hacking into student email accounts hosted on at least two universities’ servers and accessing the social media, email, and other online accounts of many of those students. Powell allegedly stole students’ personal information and searched their photos for potentially embarrassing content. This case should serve as a wake-up call for universities and educational institutions around the country. There is no greater threat to our security and personal privacy than the cyber threat, and hackers must be identified, stopped, and punished.”

FBI Assistant Director William F. Sweeney Jr. said: “Sitting at a computer more than 2,000 miles away, Jonathan Powell allegedly attempted unauthorized access to more than 2,000 university email accounts. Powell used password reset tools to basically pick the lock of thousands of personal spaces and look around at what was stored there. Cybercrime victims can be large companies or individual users who have their network or accounts accessed illegally, even if there is no theft. The FBI takes seriously any allegations of intrusions, and we will continue to hold accountable those who pose a threat in cyberspace.”

According to the allegations contained in the Complaint:

From at least in or about October 2015 up to and including at least in or about September 2016, POWELL obtained unauthorized access to email accounts hosted by at least two United States-based educational institutions, including one which has its primary campus in New York, New York (“University-1”). POWELL obtained unauthorized access to these accounts by accessing password reset utilities maintained by the email servers at the victim institutions, which are designed to allow authorized users to reset forgotten passwords to accounts. POWELL utilized the password reset utilities to change the email account passwords of students and others affiliated with those educational institutions. Once POWELL gained access to the compromised email accounts (the “Compromised Accounts”), he obtained unauthorized access to other password-protected emails, social media, and online accounts to which the Compromised Accounts were registered, including, but not limited to, Apple iCloud, Facebook, Google, LinkedIn, and Yahoo! accounts. Specifically, using the Compromised Accounts, POWELL requested password resets for linked accounts hosted by those websites (the “Linked Accounts”), resulting in password reset emails being sent to the Compromised Accounts, which allowed POWELL to change the passwords for the Linked Accounts. POWELL then logged into the Linked Accounts and searched within the Linked Accounts, gaining access to private and confidential content stored in the Linked Accounts. In one instance, POWELL searched a University-1 student’s linked Gmail account for digital photographs, and for the terms “password,” “naked,” “cum” and “horny.”

An analysis of University-1 password reset utility logs and other data revealed that POWELL accessed the University-1 password reset utility approximately 18,640 different times between approximately October 2015 and September 2016. During that timeframe, POWELL attempted approximately 18,600 password changes in connection with approximately 2,054 unique University-1 email accounts and succeeded in making 1,378 password changes in connection with approximately 1,035 unique University-1 email accounts. (The number of successful password changes is greater than the number of compromised University-1 email accounts because certain University-1 email accounts were compromised more than once.)

In or about September 2016, POWELL repeatedly accessed the password reset utility of a second university located in Pennsylvania (“University-2”), in a similar fashion to University‑1. During that timeframe, POWELL attempted to change the email passwords for approximately 220 University-2 email accounts, and successfully changed the email passwords for approximately 15 University-2 email accounts. Following the unauthorized access of those University-2 email accounts, a number of Facebook accounts linked to the compromised University-2 email accounts were also compromised.

The FBI obtained and analyzed the device (the “Device”) assigned to POWELL at his place of employment in Phoenix, Arizona (the “Company”), which POWELL utilized in the above-described scheme. The FBI also obtained from the Company a network backup of certain files on the Device, created on or about September 30, 2016 (the “Device Backup”), which the FBI also analyzed. The Device and Device Backup contain, among other things, a number of documents listing University-1 email account usernames and passwords. Certain documents found on the Device also contain credentials – i.e., usernames and passwords – for logging into various internet service provider (“ISP”) accounts appearing to belong to the same University‑1 email account users.

A review of the Device’s web browser history, covering the period from July 5, 2016, to October 3, 2016, revealed that POWELL accessed student directories and login portals associated with more than 75 other colleges and universities (the “Other Universities”) across the United States. An analysis of the Device Backup demonstrated that the Device Backup contains several documents with filenames that refer to certain of the Other Universities. Those documents contain what appear to be login credentials for a variety of password-protected accounts linked to email accounts at certain of the Other Universities.

POWELL, 29, of Phoenix, Arizona, is charged with one count of fraud in connection with computers, which carries a maximum sentence of five years in prison. The maximum potential sentences are prescribed by Congress and are provided here for informational purposes only, as any sentencing of the defendant will be determined by the judge.

Mr. Bharara praised the investigative work of the FBI.

The case is being prosecuted by the Office’s Complex Frauds and Computer Crimes Unit. Assistant United States Attorneys Christopher J. DiMase and Timothy Howard are in charge of the prosecution.

The charge contained in the Complaint is merely an accusation, and the defendant is presumed innocent unless and until proven guilty.

You've been defrauded? FraudsWatch.com tries to help as to denounce embezzlement, theft or if your identity has been compromised. I put at your disposal example, guide and guidance about fraud, scams and identity theft.

Related Articles

Georgia Trader Pleads Guilty To Largest Known Computer Hacking And Trading Scheme More Than 150,000 Press Releases Stolen from Three Major Newswire Companies Used to Generate Approximately $30 Million in Illegal Trading Profits Earlier today, Leonid Momotok, of Suwanee, Georgia, pleaded guilty to conspiracy to commit wire fraud [Read More…]

According to the Federal trade Commission (FTC), there are around 10 million reported cases of identity theft each year in the United States. A recent report by Eugene Kaspersky, founder and head analyst of Kaspersky Labs (a leading internet security company), indicates that the level of criminal activity [Read More…]

BUSINESS E-MAIL COMPROMISE: THE 3.1 BILLION DOLLAR SCAM This Public Service Announcement (PSA) is an update to the Business E-mail Compromise (BEC) information provided in Public Service Announcements (PSA) 1-012215-PSA and 1-082715a-PSA. This PSA includes new Internet Crime Complaint Center (IC3) complaint information and updated statistical data. DEFINITION [Read More…]

Gabonese National Pleads Guilty To Foreign Bribery Scheme The Son of a Former Prime Minister of Gabon Bribed High-Ranking Government Officials in Multiple African Countries to Obtain Uranium Concessions and Other Mining Rights Samuel Mebiame, [Read More...]

SCAMMERS MILITARY there -not military mission profile on social networks military do profiles on social network when in Afghanistan mission, Syrian offshore or any other care mission are fake profiles of Nigerians use photo and [Read More...]

Scam romance is a form of cheating or stealing by fraudulent, using tools from the internet, such as dating websites or emails. Have a method that uses images stolen from other people and false stories [Read More...]

Extra-governmental departments and corporations are investigating circumstances of mortgage fraud than ever earlier than. Even as this can be a just right signal for skills victims, the sheer numbers of fraudulent instances make it problematic [Read More...]

There is a clear-cut difference between tax avoidance and tax evasion. One is legally acceptable and the other is an offense. Unfortunately however many consultants even in this country do not understand the difference between [Read More...]

Randolph Man Convicted by Jury of Defrauding DreamWorks by Falsely Claiming he Created Kung Fu Panda BOSTON – A Randolph man was convicted late today of wire fraud and perjury charges in connection with a [Read More...]

About FraudsWatch.com

You've been defrauded? FraudsWatch.com tries to help as to denounce embezzlement, theft or if your identity has been compromised. I put at your disposal example, guide and guidance about fraud, scams and identity theft.

Have you been deceived in auto insurance? You want to know what are the main forms of fraud or scams and how to report or notify an auto insurance? You can find clear answers in this article, in which I tried to explain to you everything you need to know about car insurance fraud and how to beware not to be fooled. What You Need to Know About Auto Insurance [Read More...]

This website uses cookies to improve your experience. This site uses cookies to Google for the provision of services, the customization of the ads and traffic analysis. The information on your use of the site are shared with Google. If you continue browsing you consent to the cookies. AcceptRead More